Selective Two-Factor Authentication for External Users

Duo and Central Authentication Service (CAS) allow us to enable two-factor authentication selectively for our SIS users, but we also need selective two-factor authentication for our external users that log in through the side door URL.

2FA isn't the ultimate security measure, but institutions that use external accounts for admin purposes would probably appreciate bigger padlocks on the side doors. Not all external users would need 2FA, but having the option would be awesome.

This probably won't get a lot of votes because it's mostly an admin feature, but that doesn't diminish its importance. This will be a big step for Canvas to continue saying it's the most secure LMS around. Thanks for posting!

I think you are talking about 2FA for internally authenticated accounts in Canvas. In that case, 2FA is already available in the open source version of Canvas (and has been for quite some time - as in years), and it works great. It even works with the Duo app by adding a new account in the app and scanning the 3d barcode. Couldn't be too hard for Instructure to roll this feature into the production version...

I haven't played around with it and Duo/external authentication yet. So, I'm not sure whether, if set to 'Required', that will be for internal auth accounts only, or potentially apply to external auth and Duo (or any other external 2FA setup) - creating a situation where external auth users have two 2FA prompts when they log in. In our situation, only admins have internal auth ability, so 'Required for Admins' would work great for us.

The options for it are: Disabled, Optional, Required for Admins, Required.